Security Global Forum

5 Industry Tested Tips for Big Data Infrastructure Security

By Alexandru Kahn posted Fri April 24, 2020 04:01 PM

  

Big Data security is a serious topic that has grown massively over the past few years as the Big Data trend kicked off. Protecting Big Data infrastructure is not the same as protecting a small web hosting server or infrastructure. The reality: various companies do not know the difference and apply the same principles they would apply to a standard infrastructure, with a few tweaks.

Companies are moving towards big data so that their marketing and customer-facing departments get better insight into their customer base. Below are five useful tips that I have learned from my experience securing Big Data infrastructure.

Technology – Products Built for Storing Data, Not Providing Security

Most companies and businesses that handle big data use tools and server software that just do the job, without looking at the security side. Some examples are NoSQL and Hadoop, which provide no security at all or very little. Hadoop misses authentication, which is the most basic form of security.

Analyze Logs – They are a gold mine

Logs should be continuously analyzed, as they give precious insights into your servers and applications such as MySQL Server. These insights include failed authentications, errors, and areas for improvement such as tables crashing and queries taking a long time to respond. A great example is random crashes, which can be picked up from the logs, as can an attacker trying to perform a SQL injection attack. This is a very high-risk attack and now accounts for 2/3 of all web application attacks, according to Dark Reading.

This is alarming. The implications are much worse than you might think. Imagine your SQL dump being posted online for sale. Companies and competitors are after Big Data, and any data lost is data wasted. After all, data is the new gold of the 21st century. An example would be losing one month's worth of new email subscribers stored in your MySQL database because of a SQL vulnerability.

According to Shaheer from Secured You, “Any successful attack towards a database that is used to drive a web app or website such as the SQL injection login bypass attack gives the hacker a lot of power.”

MySQL is a gold mine for hackers: once they bypass MySQL security, they have access to all users and credentials and can basically get access to any of your web apps, including your Big Data platform. Even a basic security checklist can prevent a massive breach! There are no exceptions in security.
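To make the log analysis tip concrete, here is an added example (not part of the original post) that scans database log lines for repeated failed logins per source host and for statements carrying common SQL injection markers. The sample lines are constructed, and their layout (timestamp, connection id, then message or `Query` statement) is an assumption modelled on MySQL's error and general query logs.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real server), in the style of a MySQL
# error log (failed logins) and general query log (statements).
SAMPLE_LOG = """\
2020-04-24T10:01:02Z 11 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2020-04-24T10:01:03Z 12 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2020-04-24T10:01:04Z 13 [Note] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2020-04-24T10:02:10Z 14 [Note] Access denied for user 'app'@'10.0.0.5' (using password: NO)
2020-04-24T10:03:00Z 20 Query SELECT id, email FROM subscribers WHERE id = 42
2020-04-24T10:03:05Z 21 Query SELECT * FROM users WHERE name = '' OR '1'='1' -- ' AND pw = ''
2020-04-24T10:03:09Z 22 Query SELECT name FROM products WHERE id = 1 UNION SELECT password FROM users
"""

DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")
QUERY = re.compile(r"^(\S+)\s+\d+\s+Query\s+(.*)$")
# Heuristic indicators of injected SQL; tune them to the application's normal queries.
SQLI_PATTERNS = {
    "tautology": re.compile(r"\bOR\s+'?(\w+)'?\s*=\s*'?\1'?", re.I),
    "union_select": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
    "comment_cutoff": re.compile(r"(--\s|/\*)"),
}

def analyze(log_text, fail_threshold=3):
    """Return (hosts at or over the failed-login threshold, flagged queries)."""
    failures = Counter()
    suspicious = []
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if denied:
            failures[denied.group(2)] += 1  # count by source host, not user name
            continue
        query = QUERY.match(line)
        if query:
            hits = sorted(n for n, p in SQLI_PATTERNS.items() if p.search(query.group(2)))
            if hits:
                suspicious.append((query.group(1), hits))
    noisy = {host: n for host, n in failures.items() if n >= fail_threshold}
    return noisy, suspicious

if __name__ == "__main__":
    noisy_hosts, flagged = analyze(SAMPLE_LOG)
    print("hosts over failed-login threshold:", noisy_hosts)
    for ts, hits in flagged:
        print(ts, "possible SQL injection:", ", ".join(hits))
```

Counting failures by source host rather than by user name catches a single client cycling through several account names.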

Monitoring – More Monitoring = Fewer Breaches

Monitoring should be your new best friend. There should be monitoring at every level of your infrastructure and tiered access model. This will reduce the amount of damage done by a hacker if they ever gain access. User accounts should be monitored, along with the queries and actions being run from them. Custom monitoring rules are key and should be present: for example, an internal query that searches for 100+ products should spark an alert for Security Ops to have a look at.

Real-time monitoring such as intrusion detection programs comes in handy; Snort is a decent example. Such IDS platforms give you useful and important insights into who is accessing which platform and at what time, and any suspicious activity is reported immediately to the appropriate person.
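The custom rule mentioned above (alert when an account pulls 100+ products) can be sketched as follows. This is an added example, not code from the original post; the audit event fields (`ts`, `user`, `table`, `rows`) and the 60-second window are assumptions, and the events are constructed. It goes one step beyond a per-query threshold by also summing rows per account over a sliding window, so many small reads still trip the rule.

```python
import json
from collections import defaultdict, deque

# Constructed audit events as JSON lines; the field names are assumptions.
SAMPLE_EVENTS = """\
{"ts": 0, "user": "web_app", "table": "products", "rows": 20}
{"ts": 5, "user": "report", "table": "products", "rows": 150}
{"ts": 10, "user": "intern", "table": "products", "rows": 40}
{"ts": 20, "user": "intern", "table": "products", "rows": 40}
{"ts": 30, "user": "intern", "table": "products", "rows": 40}
{"ts": 200, "user": "web_app", "table": "products", "rows": 90}
"""

def product_alerts(lines, limit=100, window=60):
    """Alert when one account reads `limit`+ product rows in a single query
    or cumulatively within `window` seconds."""
    recent = defaultdict(deque)  # user -> (ts, rows) pairs still inside the window
    alerts = []
    for raw in lines.splitlines():
        event = json.loads(raw)
        if event["table"] != "products":
            continue
        queue = recent[event["user"]]
        queue.append((event["ts"], event["rows"]))
        # Drop reads that have aged out of the sliding window.
        while queue and queue[0][0] <= event["ts"] - window:
            queue.popleft()
        total = sum(rows for _, rows in queue)
        if event["rows"] >= limit:
            alerts.append((event["ts"], event["user"], "single query", event["rows"]))
            queue.clear()
        elif total >= limit:
            alerts.append((event["ts"], event["user"], "windowed total", total))
            queue.clear()  # avoid re-alerting on the same rows
    return alerts

if __name__ == "__main__":
    for alert in product_alerts(SAMPLE_EVENTS):
        print("ALERT for Security Ops:", alert)
```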

Test and Test Again = One Miss Is a Lot

Vulnerabilities and even small misconfigurations that go unnoticed can lead to major disasters. For example, a port such as 22 for SSH (Secure Shell) left open to the whole world will be brute-forced until someone cracks the login, and boom. Basic security measures including ports, file permissions, install permissions, and execution permissions on servers should be double-checked, and there should be a checklist to complete before a production server goes live and is added to the infrastructure.
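Part of such a go-live checklist can be automated. The added example below (not from the original post) checks two of the items named above: listeners bound to all interfaces that are not on an allowlist, and files that are world-writable or setuid. The listener table is constructed in the style of `ss -tln` output, and the allowlist of port 443 is an assumption.

```python
import os
import stat

# Constructed listener table in the style of `ss -tln` output (not from a real host).
SAMPLE_LISTENERS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    [::]:9000          [::]:*
"""

def exposed_ports(ss_output, allowed=frozenset({443})):
    """Ports listening on all interfaces that are not on the go-live allowlist."""
    found = set()
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if addr in ("0.0.0.0", "*", "[::]") and int(port) not in allowed:
            found.add(int(port))
    return sorted(found)

def risky_files(root):
    """Regular files under root that are world-writable or setuid."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if not stat.S_ISREG(mode):
                continue
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if mode & stat.S_ISUID:
                findings.append((rel, "setuid"))
    return sorted(findings)

if __name__ == "__main__":
    print("exposed ports:", exposed_ports(SAMPLE_LISTENERS))
    print("risky files under current directory:", risky_files("."))
```

In the sample, MySQL on 127.0.0.1:3306 passes because it is bound to loopback only, while SSH on 0.0.0.0:22 is reported for review.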

Use the Latest and Greatest – Latest Version is key

The latest and greatest software should be used for all server-side applications and database platforms like MySQL/MariaDB. Always install the latest version, as you are then less likely to be compromised by a vulnerability in the wild that targets a specific version of your database server. This happens commonly, and many companies are falling victim because of old and outdated infrastructure, for example Windows 2008, which reached End of Life on 14 January 2020.

Any Additions?

Please do let me know what you think of these and please feel free to add your opinions in the comments below. I would love to hear what other people are doing to secure their modern infrastructure that hosts Big Data. Please feel free to provide me some tips too or improvements to the tips I have shared above.
